Synology DiskStation Manager contains a flaw that allows traversing outside of a restricted path. The issue is due to the /webapi/FileStation/file_sharing.cgi script not properly sanitizing user input, specifically directory traversal style attacks (e.g. '../'). This may allow a remote attacker to have an unspecified impact..